Data Protection Legislation (GDPR and DPA 2018) governs how organisations (‘Data Controllers’) can use (‘Process’) information (‘Personal Data’) from which a living individual (‘Data Subjects’) can be identified. The Law applies to all organisations that process personal data but does not apply to ‘Anonymised’ data or data about a deceased individual. Data Protection Legislation is based around the concepts of principles, rights and accountability.
The General Data Protection Regulation (‘GDPR’) has direct effect in the UK from and including 25th May 2018, coupled with the new Data Protection Act 2018 (‘DPA 2018’). The DPA 2018 serves to assist with and supplement the adoption of the GDPR into UK law and once the UK leaves the EU, the DPA 2018 helps to ensure that the standards of the GDPR are enshrined in UK law.
Data Protection is regulated by the Information Commissioner’s Office (ICO) who are the supervisory authority for the UK and can be contacted at https://ico.org.uk/concerns/. The University’s registration number is Z5856740 and further details of the Data Protection register entry can be found on the Information Commissioner's public register.
Data Protection Act 2018
The DPA 2018 is the UK's third generation of data protection law which was passed by Parliament on 21st May 2018, given Royal Assent on the 23rd May 2018 and came into effect on 25th May 2018. It seeks to empower individuals to take control of their personal data and to support organisations with their lawful processing of personal data. It addresses areas within the GDPR which are left to the discretion of the UK as well as areas outside the scope of the GDPR.
The General Data Protection Regulation
In 2016, the EU adopted the General Data Protection Regulation (GDPR) which replaced the1995 Data Protection Directive. GDPR seeks to better protect individuals' rights around privacy and personal data, in view of the rapid changes in technology that have occurred. GDPR has direct effect in the UK from and including 25th May 2018.